Analysis
-
max time kernel
151s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
04-09-2022 08:07
General
-
Target
f5e4b83dfc3b56080ea32061c4b65cba0b2b8317fd6b9bea9691fcb10abea1bc.exe
-
Size
751KB
-
MD5
5668078699916269937e3111a861a1ff
-
SHA1
8e893d663666a6d85ce5d6bd08f0901c89096b30
-
SHA256
f5e4b83dfc3b56080ea32061c4b65cba0b2b8317fd6b9bea9691fcb10abea1bc
-
SHA512
7eb98e3b4bba7f28c52f0f5ea7c37b6445f76205c2505b61ee4c7d783f4df890db4f66392ae67d5b1c4467354e7d0650a5a29842480106f8f832cb66fbb2f071
-
SSDEEP
12288:NrrpL7OiC1OtQOsCd+gjSSAFSwpdFeJR2iTHRgIab37oDsUmSXf05II2hggvntbc:Z1LCiC1OuCdd+SPwtolTHRfnPwf2hbg
Score
10/10
Malware Config
Signatures
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5e4b83dfc3b56080ea32061c4b65cba0b2b8317fd6b9bea9691fcb10abea1bc.exe"C:\Users\Admin\AppData\Local\Temp\f5e4b83dfc3b56080ea32061c4b65cba0b2b8317fd6b9bea9691fcb10abea1bc.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1952-132-0x0000000000400000-0x0000000000633000-memory.dmpFilesize
2.2MB
-
memory/1952-133-0x0000000000400000-0x0000000000633000-memory.dmpFilesize
2.2MB